Cybersecurity and Facilities Services Director Job at Municipal Employees' Retir

General Description
The Cybersecurity and Facilities Services Director will provide vision and leadership in the planning, development and implementation of organization wide Cybersecurity and Facilities Services programs to support business operations and achieve efficient, effective, balanced and cost beneficial operations. This position will be responsible for overseeing all cybersecurity & facilities services aspects of the company and the alignment with mission, vision, values, and board policies. The Cybersecurity & Facilities Director will participate in planning corporate growth and coordinating the strategic plan with the development of secure cybersecurity & facilities services and systems.

Duties & Responsibilities:

Leadership & Strategic Planning
• Establish the company’s cybersecurity & facilities services vision and future planning
• Provides strategic and tactical planning, development, evaluation, and coordination of the cybersecurity & facilities services for the organization.
• Develops strategic plans identifying cybersecurity & facilities services programs to support business plans or create new strategic options.
• Plans and controls staffing and development, organization, hardware acquisitions and facilities for cybersecurity to assure that it is consistent with and supportive of the business plans of MERS.
• Maintain a balance between cybersecurity and operational efficiency following the cybersecurity industry principles of maintaining Confidentiality, Integrity and Availability (CIA) of company data
• Approves, coordinates and controls all projects related to selection, acquisition, development and installation of major cybersecurity systems for the organization.
• Provides advice on evaluation, selection, implementation and maintenance of cybersecurity & facilities systems, ensuring appropriate investment in strategic and operational systems. Evaluates systems to measure their success.
• Develops policy, procedures, and standards to ensure the protection of the company’s assets and the integrity, security and privacy of information entrusted to or maintained by MERS.
• Coordinates and oversees the execution of cybersecurity risk assessments and mitigations (e.g. penetration testing, business continuity tabletop exercises, cyber incident response tabletop exercises, disaster recovery systems testing, cybersecurity controls audit, etc.).
• Maintains current knowledge of leading-edge technologies and helps implement those technologies that make business sense for MERS.
• Ensures that the design, implementation, and evaluation of the cybersecurity systems that support end users in the productive use of computer hardware and software are in alignment with organizational goals.
• Responsible for the design of effective cybersecurity & facilities services teams structure development, efficient workflow, and performance standards.
• Provide leadership to cybersecurity & facilities services in a fashion that supports the organization’s culture, vision, mission and values.
• Consults with stakeholders across the organization as an advisor of cybersecurity & facilities services that may improve their efficiency and effectiveness.
• Facilitates communication between staff, management, vendors, and other technology resources within the organization.
• Serve on any corporate-wide or cybersecurity specific governance group deemed necessary for the organization.
• Responsible for building effective internal communication strategies, cybersecurity plans, and policies throughout the organization, including management groups and professional staff.

Coordination with Software/System Vendors
• Ensure that MERS cybersecurity staff and cybersecurity vendors operate collaboratively and effectively to achieve MERS operational and strategic goals.
• Implement, test and operate advanced software security techniques in compliance with MERS technical architecture standards and existing environments.
• Perform on-going security testing and code review to improve software security
• Provide recommendations/designs for new software solutions to help mitigate security vulnerabilities.
• Manage relationship with the Managed Services Provider(s) as needed.
• Contribute to all levels of architecture design and modifications.
• Establish and enforce secure coding practices on both internal systems and with contracted vendors.
• Develop a familiarity with new software security/development tools and best practices.

Supervision/Staff Coordination and Management
• Responsible for the effective selection, growth, and development of all cybersecurity staff members.
• Responsible for the direct supervision of cybersecurity programs.
• Assure that the duties and roles assigned to the cybersecurity team will be performed during vacations, illnesses, and other cases where the managers are not available.

Briefly describe the types of decisions made by this position:
• Responsible for managing Cybersecurity and Facilities Services operations within budget.
• Decisions involving management, maintenance of Cybersecurity and Facilities Services operations and customer service in support of the business operations.
• Decisions involving relationship management with business staff, vendors, contractors & consultants.
• Decisions involving technology methodologies, policies, standards & procedures.

Knowledge of:
• Information systems technology and cybersecurity subjects and extensive knowledge of hardware and software, with the ability to keep abreast of new technologies.
• Cybersecurity principles and practices, and systems design & development processes, including requirements analysis, feasibility studies, software design, programming, pilot testing, installation, evaluation and operational management.
• Business process analysis and redesign.
• Design, management, and operation of managed IT systems.
• Project Management methodologies.
• Cybersecurity professional standards models, preferably NIST standards/frameworks & CIS controls
• Cloud Hosting, Computing, Storage, etc. Services.
• Artificial Intelligence, Machine Learning, and other generative technologies.

Skill in:
• Considerable management skills are required to successfully perform the planning, directing, reporting and administrative responsibilities of this position.
• Effective verbal and written communications skills and effective presentation skills, all geared toward coordination and education.

Preferred Qualifications:
• Knowledge and/or experience in a public sector retirement services setting is highly desirable, specifically in technology, cybersecurity and information systems planning to support retirement services business goals.

Licensure, Certification, or Registration:
• Willingness to obtain professional certifications within one year of hire as needed. (E.g. Certified Chief Information Security Officer (CCISO) and/or Certified Information Security Management (CISM) certifications, etc).

Physical Requirements:
The physical demands described here are representative of those that must be met by an employee to perform successfully the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to handle, or feel objects, tools or controls; reach with hands and arms; climb stairs; balance; stoop, kneel, crouch or crawl; talk or hear.
• The employee must occasionally lift and/or move up to 25 pounds.
• Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to focus.

Working Conditions:
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Location: All work of this position will be performed on site at MERS main office or remote work location.
• Weather: While performing the duties of this job, the employee is not exposed to weather conditions.
• Noise: The noise level in the work environment is usually moderate.